From d015e66f17f72a36750f2ecbb8d27b70d686e4fd Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 25 Nov 2017 07:46:37 +0000 Subject: [PATCH] WIP request rpc --- oauth3.core.js | 82 +++++++++++++++++++++++++++++--------------------- 1 file changed, 47 insertions(+), 35 deletions(-) diff --git a/oauth3.core.js b/oauth3.core.js index ea2611e..4d5e21b 100644 --- a/oauth3.core.js +++ b/oauth3.core.js @@ -294,25 +294,23 @@ } } , urls: { - , discover: function (providerUri, opts) { + , rpc: function (providerUri, opts) { if (!providerUri) { - throw new Error("cannot discover without providerUri"); + throw new Error("cannot run rpc without providerUri"); } if (!opts.client_id) { - throw new Error("cannot discover without options.client_id"); + throw new Error("cannot run rpc without options.client_id"); } var clientId = OAUTH3.url.normalize(opts.client_id || opts.client_uri); providerUri = OAUTH3.url.normalize(providerUri); - var discoverFile = opts.discoverFile || "directives.json"; var params = { - action: 'directives' //TODO: change this to not be directive specific. Is it even used? - , state: opts.state || OAUTH3.utils.randomState() + state: opts.state || OAUTH3.utils.randomState() , redirect_uri: clientId + (opts.client_callback_path || '/.well-known/oauth3/callback.html#/') , response_type: 'rpc' - , discoverFile: opts.discoveFile || "directives.json" , _method: 'GET' - , _pathname: '.well-known/oauth3/directives.json' + , _scheme: opts._scheme + , _pathname: opts._pathname , debug: opts.debug || undefined }; @@ -325,6 +323,13 @@ return toRequest; } + , discover: function (providerUri, opts) { + return OAUTH3.urls.directives(providerUri, opts); + } + , directives: function (providerUri, opts) { + opts._pathname = ".well-known/oauth3/scopes.json"; + return OAUTH3.urls.rpc(providerUri, opts); + } , implicitGrant: function (directive, opts) { // // Example Implicit Grant Request 
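Review bot: The new `urls.directives` helper sets `opts._pathname` to `".well-known/oauth3/scopes.json"`, so `urls.discover` now builds a request for the scopes document instead of the directives document that the removed code hard-coded; this looks like a copy-paste slip and should probably read `opts._pathname = ".well-known/oauth3/directives.json";`. The assignment also writes into the caller's `opts` object and throws a TypeError when `opts` is omitted, so working on a shallow copy would be safer. Separately, `urls.rpc` now forwards `opts._pathname` and `opts._scheme` unchecked where the old code pinned one fixed well-known path; a guard such as `if ('string' !== typeof opts._pathname) { throw new Error("cannot run rpc without options._pathname"); }` would keep an `undefined` path from being serialized into the request. The `urls` object continues outside this hunk.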
@@ -669,21 +674,26 @@ } } , discoverScopes: function (providerUri, opts) { + return OAUTH.scopes(providerUri, opts); + } + , scopes: function (providerUri, opts) { if (!providerUri) { throw new Error('oauth3.discoverScopes(providerUri, opts) received providerUri as :', providerUri); } - var opts = opts || {}; - opts.discoverFile = "scopes.json"; + opts = opts || {}; + opts._pathname = ".well-known/oauth3/scopes.json"; //TODO: add caching - return OAUTH3._discoverHelper(providerUri, opts).then(function(scopes) { + return OAUTH3._rpcHelper(providerUri, opts).then(function(scopes) { return scopes; }); - } - + } , discover: function (providerUri, opts) { + return OAUTH3.directives(providerUri, opts); + } + , directives: function (providerUri, opts) { if (!providerUri) { throw new Error('oauth3.discover(providerUri, opts) received providerUri as :', providerUri); } @@ -693,7 +703,8 @@ return directives; } - return OAUTH3._discoverHelper(providerUri, opts).then(function (directives) { + opts._pathname = ".well-known/oauth3/directives.json"; + return OAUTH3._rpcHelper(providerUri, opts).then(function (directives) { directives.azp = directives.azp || OAUTH3.url.normalize(providerUri); directives.issuer = directives.issuer || OAUTH3.url.normalize(providerUri); directives.api = OAUTH3.url.normalize((directives.api||':hostname').replace(/:hostname/, OAUTH3.uri.normalize(directives.issuer) || OAUTH3.uri.normalize(providerUri))); @@ -702,9 +713,8 @@ }); }); } - , _discoverHelper: function(providerUri, opts) { - opts.discoverFile = "directives.json"; - return OAUTH3._browser.discover(providerUri, opts); + , _rpcHelper: function(providerUri, opts) { + return OAUTH3._browser.rpc(providerUri, opts); } , request: function (preq, opts) { function fetch() { 
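Review bot: `discoverScopes` returns `OAUTH.scopes(providerUri, opts)`, but every other reference in this patch is to `OAUTH3`, so unless a global `OAUTH` is defined elsewhere this throws a ReferenceError on first use; it should be `return OAUTH3.scopes(providerUri, opts);`. The error thrown from the renamed `scopes` function still names `oauth3.discoverScopes(...)`, and because `new Error(message, providerUri)` ignores its second argument the offending value never appears in the message; appending it to the string would make the failure diagnosable. The trailing `.then(function(scopes) { return scopes; })` is an identity step and could be dropped once the caching TODO is resolved.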
@@ -884,28 +894,28 @@ // , _browser: { window: 'undefined' !== typeof window ? window : null - // TODO we don't need to include this if we're using jQuery or angular - , discover: function(providerUri, opts) { + , rpc: function(providerUri, opts) { opts = opts || {}; providerUri = OAUTH3.url.normalize(providerUri); - // If no discoverFile was specified, who knows what they want, but - // this function used to only support directives.json, so it's worth - // a shot. - var discoverFile = opts.discoverFile || "directives.json"; - + // TODO SECURITY should we whitelist our own self? if (OAUTH3.uri.normalize(providerUri).replace(/\/.*/, '') === OAUTH3.uri.normalize(OAUTH3._browser.window.location.hostname)) { - console.warn("It looks like you're a provider trying to discover on yourself," + console.warn("It looks like you're a provider trying to run rpc on yourself," + " so we we're just gonna use" + " OAUTH3.request({ method: 'GET', url: " - + "'/.well-known/oauth3/" + discoverFile + "' })"); + + "'" + opts._pathname + "' })"); - return OAUTH3.request({ - method: 'GET' - , url: OAUTH3.url.normalize(providerUri) + '/.well-known/oauth3/' + discoverFile - }).then(function (resp) { - return resp.data; - }); + if (/localstorage/i.test(opts._scheme)) { + return OAUTH3.PromiseA.resolve(localStorage.getItem(opts._pathname)); + } + else { + return OAUTH3.request({ + method: 'GET' + , url: OAUTH3.url.normalize(providerUri) + opts._pathname // '/.well-known/oauth3/' + discoverFile + }).then(function (resp) { + return resp.data; + }); + } } if (!(opts.client_id || opts.client_uri).match(OAUTH3._browser.window.location.hostname)) { 
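Review bot: The same-origin branch now builds the URL as `OAUTH3.url.normalize(providerUri) + opts._pathname`, but the paths assigned elsewhere in this patch (`".well-known/oauth3/directives.json"`, `".well-known/oauth3/scopes.json"`) have no leading slash, and the removed code supplied that separator itself. If `normalize` returns the origin without a trailing slash, as the removed concatenation suggests, the path is glued onto the hostname and the request is sent to a different host; `, url: OAUTH3.url.normalize(providerUri) + '/' + String(opts._pathname).replace(/^\/+/, '')` restores the separator. The `localstorage` branch reads whatever key the caller placed in `opts._pathname` and resolves with the raw string (or `null`), whereas the request branch resolves with `resp.data`, so callers that set properties on the result will break and storage entries unrelated to discovery become reachable through this helper; restricting the key to the `.well-known/oauth3/` prefix and passing the value through `JSON.parse` would keep the two branches equivalent. `rpc` continues past the end of this hunk.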
@@ -914,18 +924,20 @@ console.warn(opts.client_id || opts.client_uri, OAUTH3._browser.window.location.hostname); } - var discReq = OAUTH3.urls.discover( + var discReq = OAUTH3.urls.rpc( providerUri , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location)) , windowType: opts.broker && opts.windowType || 'background' , broker: opts.broker , state: opts._state || undefined , debug: opts.debug - , discoverFile: opts.discoverFile + , _scheme: opts._scheme + , _pathname: opts._pathname + , _method: opts._method } ); opts._state = discReq.state; - //var discReq = OAUTH3.urls.discover(providerUri, opts); + //var discReq = OAUTH3.urls.rpc(providerUri, opts); // hmm... we're gonna need a broker for this since switching windows is distracting, // popups are obnoxious, iframes are sometimes blocked, and most servers don't implement CORS
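Review bot: `_method: opts._method` is forwarded to `OAUTH3.urls.rpc`, but the `rpc` builder added earlier in this patch writes `_method: 'GET'` into `params` unconditionally, so as far as the visible code shows a caller asking for any other method silently gets a GET. Either drop the field here or have the builder honour it with a default, `, _method: opts._method || 'GET'`, ideally checked against a short list of permitted methods. The commented-out `//var discReq = OAUTH3.urls.rpc(providerUri, opts);` line could be deleted rather than renamed. The enclosing `rpc` function starts before this hunk and continues after it.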